Method of securing access to IP LANs
Abstract
Protection against spoofing is provided in a LAN having at least two service classes: one service class allows access to the LAN, the internet, and the intranet containing the LAN, and a more limited service class allows access to the LAN and the internet but not the intranet databases. A user gains access to the LAN using his or her ID, which identifies the user's access level. To prevent limited-access users from gaining access to the intranet by changing addresses, the system continuously performs periodic checks for address changes. If there is an address change, the port assigned to, or used by, the user is disabled, throwing the user off the LAN before he or she obtains the requested data.
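An added example (not taken from the patent or its assignee) of the periodic check the abstract describes: each poll of port, MAC and IP is compared with the bindings recorded at login, and any port showing a changed or borrowed address is returned for disabling. The `Binding` record, the port names and the addresses are constructed, and how the poll is collected from the switch is assumed.

```python
# Added example: periodic port-binding audit. All names and data are constructed.
from dataclasses import dataclass

@dataclass(frozen=True)
class Binding:
    user_id: str
    service_class: str  # "full" = LAN+internet+intranet, "limited" = LAN+internet
    port: str
    mac: str
    ip: str

def norm_mac(mac):
    # Switches report MACs in mixed case and with either separator.
    return mac.lower().replace("-", ":")

def audit(assigned, observed):
    """Compare one poll of (port, mac, ip) rows with the login-time bindings.

    Returns {port: [reasons]} for every port that should be disabled."""
    by_port = {b.port: b for b in assigned}
    by_mac = {norm_mac(b.mac): b for b in assigned}
    by_ip = {b.ip: b for b in assigned}
    findings = {}
    for port, mac, ip in observed:
        mac = norm_mac(mac)
        here = by_port.get(port)  # user assigned to this port, if any
        reasons = []
        if here and (norm_mac(here.mac), here.ip) != (mac, ip):
            reasons.append(f"{here.user_id} ({here.service_class}) changed address")
        # An address bound to a different user's port means spoofing or a port switch.
        owners = {by_mac.get(mac), by_ip.get(ip)} - {None, here}
        for owner in sorted(owners, key=lambda b: b.user_id):
            reasons.append(f"address of {owner.user_id} belongs on {owner.port}")
        if reasons:
            findings[port] = reasons
    return findings

ASSIGNED = [  # constructed bindings (documentation address ranges)
    Binding("alice", "full", "Gi0/1", "00:00:5e:00:53:01", "192.0.2.11"),
    Binding("bob", "limited", "Gi0/2", "00:00:5e:00:53:02", "192.0.2.12"),
    Binding("carol", "limited", "Gi0/3", "00:00:5e:00:53:03", "192.0.2.13"),
]
POLL = [  # constructed poll result
    ("Gi0/1", "00-00-5E-00-53-01", "192.0.2.11"),  # unchanged
    ("Gi0/2", "00:00:5e:00:53:02", "192.0.2.11"),  # limited user took a full user's IP
    ("Gi0/7", "00:00:5e:00:53:03", "192.0.2.13"),  # user moved to another port
]

if __name__ == "__main__":
    for port, reasons in audit(ASSIGNED, POLL).items():
        print(f"disable {port}: " + "; ".join(reasons))
```

Only the port where the mismatch is observed is returned, so a user whose address was borrowed keeps their own port.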
18 Claims
1. A system for internal and internet communication comprising:
an intranet with a connection through a firewall to the internet;
a plurality of databases on the intranet including an intranet security database with a clearance levels for intranet users having a user ID and active codeword; and
a plurality of LANs within the intranet each having a separate security system response to a user ID and codeword in the internet security database to assign a LAN port location to a user and provide periodic comparisons of the users MAC and IP addresses against the user's assigned port location to detect switching of ports by users.
Dependent claims: 2, 3, 4, 5, 6

7. A method for maintaining security in intranet and internet communication comprising:
providing a plurality of databases on the intranet including an internet security database with clearance levels for intranet users with a user ID and an active codeword; and
having a plurality of LANs within the intranet each having a separate security system responsive to a user ID and codeword in the intranet security database to assign a LAN port location to the user and provide periodic comparisons of the users MAC and IP addresses against the user's assigned port location to detect the user's switching ports.
Dependent claims: 8, 9, 10, 11, 12

13. A computer software program on at least one computer medium for intranet and internet communication comprising:
computer code for a plurality of databases on the intranet including an intranet security database with a clearance level for intranet users with a user ID active codeword; and
computer code for a plurality of LANs within the intranet each having a separate security system response to any user ID and codeword in the intranet security database to assign a LAN port location to the user and provide periodic comparisons of the users MAC and IP addresses against the user's assigned port location to detect the user's switching ports.
Dependent claims: 14, 15, 16, 17, 18

Specification